Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37342e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e37342e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          X+Jv7JITrKdDv/uewaTlR+W/938nHOVMxOsrlJxRk9c=
Subject key identifier:   EB:BF:9C:F5:B3:63:0E:E3:48:80:7B:6D:9F:DD:48:8B:0D:1B:11:4E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       433CE0B979BF55C0B4E2BFD9D45709D8540B323E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37342e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:25 +0000
ROA not before:           Thu 21 Aug 2025 06:34:25 +0000
ROA not after:            Thu 20 Aug 2026 06:39:25 +0000
asID:                     2914
IP address blocks:        145.79.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:3c:e0:b9:79:bf:55:c0:b4:e2:bf:d9:d4:57:09:d8:54:0b:32:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:25 2025 GMT
            Not After : Aug 20 06:39:25 2026 GMT
        Subject: CN=EBBF9CF5B3630EE348807B6D9FDD488B0D1B114E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9a:4d:21:bd:ab:7a:eb:00:1c:d1:e3:4a:a6:
                    8d:77:52:60:04:6f:b6:59:08:a0:da:5f:fa:82:b9:
                    23:6c:29:0f:26:6c:ca:a4:59:af:09:ef:84:ad:28:
                    c5:e4:87:d4:4f:41:ab:7c:58:3a:da:15:ae:bc:8f:
                    2e:20:85:c0:73:25:42:ba:ca:cd:5d:b1:3d:f2:ad:
                    03:51:ea:94:2c:fd:94:79:34:d6:2e:07:c7:50:fc:
                    13:d3:62:9a:f2:ab:db:99:df:a9:b8:8e:50:50:98:
                    d6:34:9e:63:42:1f:3f:11:25:ab:c6:4d:e1:6e:45:
                    70:f8:c0:0b:8e:6d:f3:d8:da:65:1a:b2:3a:b4:bd:
                    cd:f3:92:e1:af:ba:2c:4a:bc:30:75:98:71:81:64:
                    ec:1d:33:21:ee:c8:8b:fc:42:7e:48:81:72:f9:c3:
                    67:c0:6c:29:49:0f:84:b8:99:12:4d:93:1d:61:05:
                    34:be:39:27:d5:8a:fc:f5:74:91:86:cb:ee:8b:10:
                    81:f1:12:d6:b9:eb:45:b5:6c:ed:ee:11:25:3c:7f:
                    71:9b:ea:fa:83:1b:24:5a:98:0d:1d:a2:36:69:8c:
                    08:ad:40:52:47:89:42:25:b0:ca:99:65:f4:ff:68:
                    a4:11:71:8e:bd:93:3c:60:a9:52:f2:b8:aa:cb:de:
                    e9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:BF:9C:F5:B3:63:0E:E3:48:80:7B:6D:9F:DD:48:8B:0D:1B:11:4E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37342e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d5:98:9c:f7:af:19:59:0c:8b:e1:ce:54:ed:6a:dd:3e:df:
         91:8e:f0:50:eb:62:83:57:41:ea:74:9e:0d:99:ff:bd:66:02:
         84:22:ce:85:eb:86:65:d1:44:5e:70:5c:23:ee:25:45:ad:25:
         e1:96:05:5c:6b:6c:eb:6f:41:54:0c:5a:8d:b8:ff:af:a4:14:
         95:36:3a:51:4f:fb:c4:68:0d:ba:54:73:e5:aa:36:18:31:18:
         b8:14:a5:13:19:f2:24:ab:7d:2f:bb:12:a9:13:cb:66:4c:b9:
         07:a7:1d:80:be:9c:3e:54:2f:aa:19:ab:e5:e8:24:72:ec:a8:
         09:11:24:8f:5b:3e:00:2f:07:d8:cf:f4:b3:01:ca:09:29:6b:
         29:47:4f:59:42:8a:d5:81:4a:e9:b2:03:37:3b:11:94:2b:50:
         8f:3c:ba:71:0e:1b:a5:ea:72:61:fa:9e:95:87:ab:e1:75:08:
         75:80:70:d0:24:c1:1f:c3:d4:e8:70:bc:ef:bb:8d:f7:f8:5e:
         eb:4b:ed:ff:6d:da:e7:53:0e:38:fc:8f:72:42:57:7e:be:fa:
         c9:55:d6:64:3d:0f:9b:36:db:59:50:46:71:f8:14:c1:c7:3e:
         08:20:6e:51:1a:7d:c4:7a:3d:94:41:fa:81:93:e1:98:65:76:
         cf:7d:be:22
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQzzguXm/VcC04r/Z1FcJ2FQLMj4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MjVaFw0yNjA4MjAwNjM5MjVaMDMxMTAvBgNV
BAMTKEVCQkY5Q0Y1QjM2MzBFRTM0ODgwN0I2RDlGREQ0ODhCMEQxQjExNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2mk0hvat66wAc0eNKpo13UmAE
b7ZZCKDaX/qCuSNsKQ8mbMqkWa8J74StKMXkh9RPQat8WDraFa68jy4ghcBzJUK6
ys1dsT3yrQNR6pQs/ZR5NNYuB8dQ/BPTYpryq9uZ36m4jlBQmNY0nmNCHz8RJavG
TeFuRXD4wAuObfPY2mUasjq0vc3zkuGvuixKvDB1mHGBZOwdMyHuyIv8Qn5IgXL5
w2fAbClJD4S4mRJNkx1hBTS+OSfVivz1dJGGy+6LEIHxEta560W1bO3uESU8f3Gb
6vqDGyRamA0dojZpjAitQFJHiUIlsMqZZfT/aKQRcY69kzxgqVLyuKrL3ulTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU67+c9bNjDuNIgHttn91Iiw0bEU4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNzM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT0ow
DQYJKoZIhvcNAQELBQADggEBADDVmJz3rxlZDIvhzlTtat0+35GO8FDrYoNXQep0
ng2Z/71mAoQizoXrhmXRRF5wXCPuJUWtJeGWBVxrbOtvQVQMWo24/6+kFJU2OlFP
+8RoDbpUc+WqNhgxGLgUpRMZ8iSrfS+7EqkTy2ZMuQenHYC+nD5UL6oZq+XoJHLs
qAkRJI9bPgAvB9jP9LMBygkpaylHT1lCitWBSumyAzc7EZQrUI88unEOG6XqcmH6
npWHq+F1CHWAcNAkwR/D1OhwvO+7jff4XutL7f9t2udTDjj8j3JCV36++slV1mQ9
D5s221lQRnH4FMHHPgggblEafcR6PZRB+oGT4Zhlds99viI=
-----END CERTIFICATE-----